Today's networks provide computing resources and digital content to users on a massive scale. The use of networked computers and other data processing devices touches nearly every facet of our day-to-day activities, in almost every area of contemporary life, including education, business, and entertainment. With regard to their use in the business arena, networked computing environments have become the mainstay of business computing in a variety of ways, including information sharing through local networks in office environments, distributed services based on multi-tier systems across an organization, and services hosted on the Internet.
To meet these needs, data centers are used to house mission-critical computer systems and associated components, and can include, for example, environmental controls (e.g., air conditioning, fire suppression, and the like), backup power supplies, redundant data communications connections, high-availability mechanisms, security mechanisms, and the like. Typically, larger organizations may have one or more such data centers. A bank, for example, may have a data center in which its customers' account information is maintained and transactions involving this data are performed. In another example, large municipalities may have multiple specific-purpose data centers in secure locations near telecommunications services. Collocation centers and Internet peering points are typically located in such facilities. Further, the implementation of such data centers also opens up the possibility of providing computing resources in a dynamic and homogeneous fashion.
“Cloud computing,” as it is known, is the provision of computing resources (hardware and/or software) to users in a remote location by way of such computing resources being made accessible over a network (e.g., the Internet). Cloud computing can be implemented in a number of ways, including software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS), for example. In certain configurations, users are able to avail themselves of such computing resources (including storage and computational power) as a utility, for example, in a dynamic, “on-demand” manner. Typically, cloud computing entrusts remote services with a user's data, software, and computational needs. Cloud resources are also typically not only shared by multiple users, but dynamically re-allocated in response to changes in demand. Such functionality can be further enhanced through the implementation of virtualized computing resources, where various techniques, methods, or approaches are employed to allocate, maintain, and de-allocate one or more virtual (rather than physical) versions of a given computing resource, such as a virtual hardware platform, operating system (OS), storage device, or network resource, for example.
Scenarios such as the foregoing place varying demands on the network architectures supporting such functionality, in terms of features, performance, and security. This, in turn, results in a multitude of hardware and software systems underlying such networks, a multitude of protocols and standards to interconnect such systems, and a multitude of vendors and solutions supporting them. Given these variations, the logistics of creating, allocating, and maintaining such a networked environment can be daunting. As a result, providing security in such environments also becomes increasingly difficult. The ability of malware and other malicious actors to remotely exploit vulnerabilities of such hardware and software is a primary threat to cloud-based computing environments.
In protecting against such vulnerabilities, virtualized, cloud-based environments present challenges for the intrusion-detection systems and intrusion-prevention systems (IDS/IPS) typically deployed therein. It is now clear that the security paradigms employed are not sufficient to fully protect such environments from intrusion. In addition, the dynamic nature of such environments (e.g., with older snapshots being quickly restored and virtual machines being moved between physical servers to optimize resource use) presents challenges that do not exist in simpler architectures. Accordingly, there is a need for improved methods and systems to provide intrusion detection and prevention in a cloud-based environment. Moreover, approaches that take advantage of the dynamic nature of such environments, and so reduce the computational resources consumed by such protection, are also desirable.